GDPR (General Data Protection Regulation), Access to Health Records & Data Protection Act 2018

How do we maintain the confidentiality of your records?

We are committed to protecting your privacy and will only use information that has been collected lawfully.  Every member of staff who works for an NHS organisation has a legal obligation to keep information about you confidential.  We maintain our duty of confidentiality by conducting annual training and awareness, ensuring access to personal data is limited to the appropriate staff and information is only shared with organisations and individuals that have a legitimate and legal basis for access.

Information is not held for longer than is necessary. We will hold your information in accordance with the Records Management Code of Practice for Health and Social Care 2016.

Consent and Objections

Do I need to give my consent?

Under GDPR, consent means offering people genuine choice and control over how their data is used. When consent is used properly, it helps you build trust and enhance your reputation.  However, consent is only one of six potential lawful bases for processing information.

We may not need to seek your explicit consent for every instance of processing and sharing your information, on the condition that the processing is carried out in accordance with this notice.  If we are required to share your information for any other purpose which is not mentioned within this notice then we will contact you to advise you accordingly.  In the event we need consent from you, such consent will be documented within your electronic patient record.

If consent is not the legal basis for processing the data, we may still be able to process the data legally without your consent; this would be communicated to you.

Data at the Trust

For details about Data Protection at Sandwell and West Birmingham NHS Trust, visit the Trust’s website.

The data held in your GP medical records is shared with other healthcare professionals for the purposes of your individual care. It is also shared with other organisations to support health and care planning and research. You have a choice. If you are happy for your information to be used in this way, you do not have to do anything. If you do not want your personally identifiable patient data to be shared outside of your GP practice for purposes other than your own care, you can register an opt-out with your GP practice. This is known as a Type 1 Opt-out.

Type 1 Opt-outs may be discontinued in the future. If this happens then they may be turned into a National Data Opt-out. Your GP practice will tell you if this is going to happen and if you need to do anything. More information about the National Data Opt-out is here: https://www.nhs.uk/your-nhs-data-matters/